In a backdoor attack, an adversary injects corrupted data into a model's training dataset in order to gain control over its predictions on images with a specific attacker-defined trigger. A typical corrupted training example requires altering both the image, by applying the trigger, and the label. Models trained on clean images, therefore, were considered safe from backdoor attacks. However, in some common machine learning scenarios, the training labels are provided by potentially malicious third-parties. This includes crowd-sourced annotation and knowledge distillation. We, hence, investigate a fundamental question: can we launch a successful backdoor attack by only corrupting labels?

Learning the intents of an agent, defined by its goals or motion style, is often extremely challenging from just a few examples.

"contrastive-equivariant" versions that encourage preservation of input transformations without supervised access to the transformation parameters.

Most existing approaches for dealing with noisy labels broadly fall into two categories: noise-modeling-based methods and memorization-effects-based methods.

Machine learning models can often fail on subgroups that are underrepresented during training.

Discriminative methods were used to execute such tasks and achieved state-of-the-art performance.

Presented with class names or unlabeled test samples, Neural Priming enables the model to recall and conditions its parameters on relevant data seen throughout pretraining, thereby priming it for the test distribution. Neural Priming can be performed at inference, even for pretraining datasets as large as LAION-2B. Performing lightweight updates on the recalled data significantly improves accuracy across a variety of distribution shift and transfer learning benchmarks.

V ov95, CBL06] and online convex optimization [Haz16, Ora19] have been developed. Until the labels of all examples of X have been predicted: The learning algorithm picks a point x X and makes a prediction z R about its label.